如何在.NET 4.5中使用ADFS保护WCF Web服务?
[英]How to secure WCF web service using ADFS in .NET 4.5?
问题描述
使用身份和访问工具(VS 2012的一部分),我可以配置WCF以使用我们的公司ADFS服务器。
相关的web.config
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials useIdentityConfiguration="true">
<!--Certificate added by Identity and Access Tool for Visual Studio.-->
<!-- <serviceCertificate findValue="CN=localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />-->
<serviceCertificate findValue="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
</serviceCredentials>
<serviceAuthorization principalPermissionMode="Always"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add scheme="http" binding="ws2007FederationHttpBinding" />
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<bindings>
<ws2007FederationHttpBinding>
<binding name="">
<security mode="TransportWithMessageCredential">
<message establishSecurityContext="false">
<issuerMetadata address="https://auth1.domain.com/adfs/services/trust/mex" />
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true" />
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://wcfurl.domain.com/" />
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://auth1.domain.com/adfs/services/trust">
<keys>
<add thumbprint="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" />
</keys>
<validIssuers>
<add name="http://auth1.domain.com/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
</identityConfiguration>
</system.identityModel>
但是,当我从控制台应用程序引用该WCF服务(“添加服务引用”)时,直接进行到WCF服务的调用,而不是像使用标准ASP.NET应用程序那样将其重定向到ADFS进行身份验证。
我真的必须通过代码来实现对adfs的调用吗? 如果是这样的话,怎么做呢?
1 个解决方案
解决方案1
1 已采纳 2014-10-02 14:50:11
Eric在基于SAML的身份验证Web服务和基于浏览器的应用程序(即Web应用程序)中使用不同的身份验证机制。 尝试查看被动认证与主动认证,在这种情况下,客户端应使用WS-Trust驱动认证(主动客户端),因为Web服务调用中没有重定向。请查看此http://msdn.microsoft.com/zh_cn -us /杂志/ ee335705.aspx
-和平
使用adfs 2.0被动身份验证从Web应用程序调用时,带有webhttpbinding的WCF服务调用不起作用
[英]wcf service call with webhttpbinding not working when calling from web application when using adfs 2.0 passive authentication
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.